Current state of Sharingan role -- still need to add rkhunter

2022-05-02 15:00:29 -05:00
parent 1c2f4266ad
commit d0146770a4
45 changed files with 4004 additions and 46 deletions
--- a/roles/Sharingan/tasks/data.yml
+++ b/roles/Sharingan/tasks/data.yml
@@ -0,0 +1,153 @@
+--- 
+ 
+ - name: Sharingan data packages
+   become: yes
+   package:
+     state: present
+     name: 
+       - syslog-ng
+       - monit
+       - monitoring-plugins
+
+ - name: Sharingan-Data apps dir
+   become: yes
+   file:
+     path: /etc/syslog-ng/apps.d
+     state: directory
+
+ - name: Sharingan-Data include apps dir
+   become: yes
+   register: base_config
+   lineinfile: 
+     path: /etc/syslog-ng/syslog-ng.conf
+     line: "{{ item }}"
+   loop: 
+     - '# Allow compartmentalization of config'
+     - '@include "apps.d/*.conf"'
+ 
+ - name: Sharingan-Data conf
+   become: yes
+   template:
+     src: graylog.conf.j2
+     dest: /etc/syslog-ng/apps.d/graylog.conf
+     owner: root
+     group: root
+     mode: 0750
+
+ - name: Sharingan-Data service conf
+   become: yes
+   copy:
+     src: syslog-ng@sharingan-data
+     dest: /etc/default/syslog-ng@sharingan-data
+     owner: root
+     group: root
+     mode: 0655
+
+ - name: Sharingan-Data filer service
+   become: yes
+   register: data_service
+   copy:
+     src: "sharingan-data.service/{{ ansible_os_family }}"
+     dest: /usr/lib/systemd/system/sharingan-data.service
+     owner: root
+     group: root
+     mode: 0750
+
+ - name: Sharingan-Eval service
+   become: yes
+   register: eval_service
+   copy:
+     src: sharingan-eval.service
+     dest: /usr/lib/systemd/system/sharingan-eval.service
+     owner: root
+     group: root
+     mode: 0750
+
+ - name: Sharingan-Eval monitrc
+   become: yes
+   template:
+     src: monitrc.j2
+     dest: /etc/monitrc
+     owner: root
+     group: root
+     mode: 0700
+
+ - name: Sharingan-Eval includes dir
+   become: yes
+   file:
+     path: /etc/monit.d
+     state: directory
+
+ - name: Sharingan-Eval monit templates
+   become: yes
+   copy:
+     src: templates
+     dest: /etc/monit.d/templates
+     owner: root
+     group: root
+     mode: 0700
+
+ - name: Sharingan-Eval monit scripts
+   become: yes
+   copy:
+     src: templates
+     dest: /etc/monit.d/scripts
+     owner: root
+     group: root
+     mode: 0700
+
+
+ - name: Sharingan-Eval monit host config
+   become: yes
+   copy:
+     src: "{{ inventory_hostname }}"
+     dest: "/etc/monit.d/{{ inventory_hostname }}"
+     owner: root
+     group: root
+     mode: 0700
+
+ - name: Sharingan-Heartbeat service
+   become: yes
+   register: heartbeat_service
+   copy:
+     src: "{{ item }}"
+     dest: /usr/lib/systemd/system
+     owner: root
+     group: root
+     mode: 0750
+   loop: 
+     - sharingan-heartbeat.timer
+     - sharingan-heartbeat.service 
+
+ - name: Sharingan-Data heartbeat timer
+   become: yes
+   copy:
+     src: sharingan-heartbeat.timer
+     dest: /usr/lib/systemd/system
+     owner: root
+     group: root
+     mode: 0750
+
+ - systemd:
+     daemon_reload: yes
+   become: yes
+   when: data_service.changed or eval_service.changed or heartbeat_service.changed
+
+ - name: Start Sharingan-Data services
+   become: yes
+   service:
+     name: "{{ item }}"
+     state: restarted
+     enabled: yes
+   loop:
+     - sharingan-data.service
+     - sharingan-heartbeat.timer
+     - sharingan-eval.service
+
+ - name: Disable default service
+   become: yes
+   ignore_errors: yes
+   service:
+     name: syslog-ng@default.service
+     state: stopped
+     enabled: no